Microsoft made over 100 updates and announcements in the month of November 2024 for the Microsoft 365 platform. Don’t have time to read them all? We’ve gone through all of them and put together what we feel are the most important updates for you to be aware of.
8 new Copilot feature metrics are generally available in the Copilot Dashboard and Viva Insights Advanced insights. The new Copilot feature metrics being added include:
- “Intelligent Recap” actions taken in Teams
- “Visualize as table” actions taken in Word
- “Chat (Copilot in Word)” prompts submitted in the in-app chat section in Word
- “Add content to presentation” actions taken using PowerPoint
- “Organize presentation” actions taken using PowerPoint
- “Chat (Copilot in PowerPoint)” prompts submitted in the in-app chat section in PowerPoint
- “Chat (Copilot in Excel)” prompts submitted in the in-app chat section in Excel
- “Business Chat (web)” prompts submitted. This feature is also known as “Copilot with Enterprise Data Protection,” and the insights include prompts submitted through Edge and the Microsoft 365 app.
As part of this update, the “Total actions taken” numbers will also be updated to reflect activity related to the Copilot features listed above. The “Total number of active Copilot users” and “Percentage of active Copilot users” already include the features above, but the addition of Business Chat (web) will impact them.
Starting in early December 2024, anyone with access to the Copilot dashboard will be able to view these insights. Anyone with the Viva Insights analyst role will be able to query the usage information related to these features through Viva Insights Advanced Insights. Note that these metrics and insights only appear for measured employees with a Microsoft 365 Copilot license in the Copilot dashboard. Measured employees also need to be assigned a Viva Insights license so their data can be available in Viva Insights Advanced Insights.
Excel will add a new feature at the end of the year that allows users to create Power Automate flows directly. The new ribbon will also include new ready-made templates, and users can view and manage flows from Excel.
Microsoft Teams Admin Center is gaining a new page to help organizations manage external access policies more centrally. Admins can now view, add, edit, and remove external access policies for users within the organization through this new page in the Teams Admin Center instead of running PowerShell commands. General availability is expected by the end of Jan 2025, while other tenant types will get this page by mid-Feb 2025.
This year, Microsoft has released as many products as enhancements. Among this lineup is SharePoint Embedded, an API-only solution that empowers app developers to leverage Microsoft 365's file and document storage capabilities to create line-of-business or multitenant applications. A prime example is Microsoft Loop, a SharePoint Embedded application.
This month, the SharePoint Container management interface within the SharePoint Admin Center received some much-needed enhancements.
Container Management Features:
- Sorting and Filtering Containers: Admins can now sort and filter containers based on criteria applied to selected columns, including multi-filtering.
- Setting Sensitivity Labels: Sensitivity labels can be added to containers in the Settings tab of the container's detail panel.
User Management Features:
- Role Management: Admins can add users to roles, reassign users from existing roles, and remove users from roles within a container.
These features are expected to be available in all tenants by EOY. To prepare for this rollout, ensure the SharePoint Embedded admin role is assigned to the relevant admins.
By leveraging these new features, IT business professionals can ensure a more streamlined and efficient management of SharePoint-embedded applications, ultimately securing their organization's digital presence.
Microsoft has announced the public preview of Microsoft Security Copilot embedded in the Microsoft Entra admin center. This integration brings AI-driven identity and access management capabilities directly into the admin center, enhancing tasks like identity risk investigation and sign-in troubleshooting. The post highlights the benefits of using Security Copilot, including improved efficiency and accuracy for IT admins, and outlines new skills for managing access governance and policy enforcement. It also emphasizes the collaborative effort in shaping the product’s future and invites users to join the public preview.
Microsoft has announced the public preview of OpenID Connect (OIDC) identity provider support for Microsoft Entra External ID, a customer identity and access management (CIAM) solution. This new feature allows users to sign in and sign up using existing accounts from external identity providers like Amazon, Auth0, and Okta, enhancing user experience and integration capabilities. The post details the development process and key scenarios for using OIDC federation and provides guidance on configuring and integrating these identity providers into user flows. It also highlights future plans for expanding federation capabilities and encourages user feedback and participation in further development.
Microsoft warns about the forthcoming retirement of the Azure AD Graph API and the necessary actions to ensure a smooth transition to Microsoft Graph. It outlines key milestones, including the final retirement date of July 1, 2025, and provides detailed steps for identifying and migrating applications that currently use Azure AD Graph APIs. The post emphasizes the importance of immediate action to avoid service disruptions and highlights the benefits of Microsoft Graph, such as enhanced security and new functionalities. Applications will be unable to make requests to Azure AD Graph APIs after February 1, 2025, unless configured for extended access until June 30, 2025. It also offers resources and recommendations to assist with the migration process.
Intune is introducing a new improvement to how certificates are deployed and managed on MacOS devices. With the new workflow, the end-user is prompted to select a certificate only once, with the option to remember it going forward. Unlike before, the end-user now does not need admin rights to accept the certificate, making it less of a security risk.
The second November update concerns enhanced hardware inventory on fully managed Android and enterprise-dedicated devices. Intune can now collect information about the subscriber carrier and the Integrated Circuit Card Identifier (ICCID) number associated with the SIM card. To view this information, visit the Hardware blade and look at an Android device in Intune that meets the discussed requirements. This new feature allows Intune admins to view the information from within Intune.
Microsoft is expanding Intune support to include Apple's specialty devices, notably the Apple Vision Pro AR/VR headset. Starting in November 2024, organizations can apply app protection policies (APP) to Vision Pro, beginning with Microsoft Teams on visionOS. This extension ensures that organizational data remains secure on Vision Pro, allowing users to utilize AR/VR capabilities while maintaining compliance.
In early 2025, Microsoft plans to extend APP support to additional Microsoft 365 applications, fostering a unified and secure ecosystem across various devices. The Intune SDK will also be made available for third-party applications, enabling broader integration of data protection measures. Additionally, Microsoft intends to introduce mobile device management (MDM) for visionOS and tvOS, facilitating seamless management of these devices within Intune.
These developments underscore Microsoft's commitment to adapting to diverse business needs across ecosystems. Microsoft provides IT administrators with the tools to apply consistent security policies, maintain compliance, and respond swiftly to emerging security challenges.
In November 2024, Microsoft introduced the Windows Resiliency Initiative to enhance system security and reliability. Key components include:
- Quick Machine Recovery allows IT administrators to execute targeted fixes on PCs remotely without physical access, even those unable to boot. A public preview is scheduled for early 2025.
- Collaboration with Security Partners: Through the Microsoft Virus Initiative (MVI), Microsoft is adopting Safe Deployment Practices, including gradual rollouts and monitoring, to minimize the negative impacts of updates. Additionally, efforts are underway to enable antivirus processing outside of kernel mode, reducing the risk of system-wide failures due to security software issues. A private preview of these capabilities is planned for July 2025.
- Administrator Protection: A new feature in preview allows users with standard permissions to temporarily gain administrative rights for specific tasks upon authentication via Windows Hello. This ensures elevated privileges are granted only when necessary and are promptly revoked after task completion.
- Transition to Safer Programming Languages: In alignment with the Secure Future Initiative, Microsoft is gradually moving certain Windows functionalities from C++ to Rust. This move aims to enhance system security and stability by reducing vulnerabilities associated with memory safety issues.
These measures reflect Microsoft's commitment to strengthening Windows' resilience against emerging threats and ensuring a secure computing environment for users.
Microsoft has introduced several security enhancements for Windows 365 and Azure Virtual Desktop to strengthen identity protection, access control, and data security:
- Secure by Default: Newly provisioned and reprovisioned Windows 365 Cloud PCs now have Port 3389 restricted by default, reducing exposure to potential attacks.
- Secure Identity: Passkey support in Microsoft Entra for macOS and iOS devices enhances passwordless authentication, providing a seamless and phish-resistant sign-in experience. Additionally, faster re-authentication features allow IT admins to enforce timely reauthentication based on organizational needs.
- Secure Access: Microsoft Intune Mobile Application Management (MAM) for Windows App on iOS (generally available) and Android (in public preview) enables secure access to Windows 365 and Azure Virtual Desktop from both managed and unmanaged mobile devices. This supports bring-your-own-device (BYOD) scenarios while maintaining security compliance.
- Secure Data: Features like Microsoft Purview Customer Lockbox ensure that only authorized requests can access content, enhancing data protection. Screen capture protection and unidirectional clipboard redirection add layers of defense by preventing the capture or sharing of sensitive information, mitigating the risk of data leaks.
These integrated security measures provide organizations with robust tools to protect their virtual environments, ensuring a secure and efficient cloud experience.
Currently, in public preview, this new capability will allow SharePoint document library owners to auto-apply a special sensitivity label to all unprotected files in a library, which will pass the library permissions to files even after they're downloaded. When downloaded files are shared with users who do not have access to the original file in the library, their permissions will be validated in real time, and they won't be able to open the downloaded file. While this is a relatively simple implementation of sensitivity labeling, its ease of setup will allow many more files to receive a new level of protection. Fortunately, this can be set up without the library owner needing to perform more complicated configurations in Microsoft Purview directly.
